CVE-2025-57107
7.1
HIGH
CVSS 3.1
EPSS 0.02%
Description
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow in vtkGLTFDocumentLoader. When a specially crafted glTF file is processed, the copy constructor of Accessor objects does not validate buffer boundaries before reading, so accessor fields taken from the file (offset, count, element size) can drive reads past the end of the heap allocation that backs the buffer. The CVSS vector (AV:L, UI:R, C:H/I:N/A:H) reflects that a user must open the crafted file, and that the impact is memory disclosure or a crash rather than integrity loss.
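The check the advisory describes as missing, shown as an added example rather than VTK's own code: the structs below are hypothetical minimal stand-ins for glTF 2.0 accessor and bufferView objects (not vtkGLTFDocumentLoader's classes), and the validation applies the spec's rule that an accessor spans `byteOffset + (count-1)*stride + elementSize` bytes of its view, where stride defaults to the element size. A correct loader has to check four things before copying: the view lies inside its buffer, the accessor lies inside the view, the stride is not smaller than one element, and the `count*stride` arithmetic cannot wrap. All function names here are this example's own.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

// Hypothetical stand-ins for the glTF JSON objects; not VTK's types.
struct BufferView {
    size_t buffer;      // index into Document::buffers
    size_t byteOffset;  // offset into that buffer (default 0)
    size_t byteLength;
    size_t byteStride;  // 0 means "not given", i.e. tightly packed
};

struct Accessor {
    std::optional<size_t> bufferView; // absent => no backing data to copy
    size_t byteOffset;                // offset inside the bufferView
    unsigned componentType;           // 5120..5126 per glTF 2.0
    size_t count;
    unsigned numComponents;           // SCALAR=1, VEC3=3, MAT4=16, ...
};

struct Document {
    std::vector<std::vector<uint8_t>> buffers;
    std::vector<BufferView> bufferViews;
};

// Bytes per component, 0 for an unknown componentType.
size_t ComponentSize(unsigned componentType) {
    switch (componentType) {
        case 5120: case 5121: return 1; // BYTE, UNSIGNED_BYTE
        case 5122: case 5123: return 2; // SHORT, UNSIGNED_SHORT
        case 5125: case 5126: return 4; // UNSIGNED_INT, FLOAT
        default: return 0;
    }
}

// Bytes the accessor addresses inside its view, or nullopt if a field is
// invalid or (count-1)*stride + elementSize would overflow size_t.
std::optional<size_t> AccessorByteSpan(const Accessor& a, const BufferView& bv) {
    const size_t compSize = ComponentSize(a.componentType);
    if (compSize == 0 || a.numComponents == 0 || a.numComponents > 16) return std::nullopt;
    const size_t elemSize = compSize * a.numComponents;
    const size_t stride = bv.byteStride ? bv.byteStride : elemSize;
    if (stride < elemSize) return std::nullopt;      // elements would overlap
    if (a.count == 0) return size_t{0};
    const size_t n = a.count - 1;
    if (n > (SIZE_MAX - elemSize) / stride) return std::nullopt; // wrap-around
    return n * stride + elemSize;
}

// True only if view-in-buffer and accessor-in-view both hold.
bool AccessorInBounds(const Document& doc, const Accessor& a) {
    if (!a.bufferView) return true;                      // nothing to read
    if (*a.bufferView >= doc.bufferViews.size()) return false;
    const BufferView& bv = doc.bufferViews[*a.bufferView];
    if (bv.buffer >= doc.buffers.size()) return false;
    const size_t bufLen = doc.buffers[bv.buffer].size();
    if (bv.byteOffset > bufLen || bv.byteLength > bufLen - bv.byteOffset) return false;
    const auto span = AccessorByteSpan(a, bv);
    if (!span) return false;
    return a.byteOffset <= bv.byteLength && *span <= bv.byteLength - a.byteOffset;
}

// Copies raw accessor bytes only after the bounds check passes. A loader that
// copies first, trusting count/offset from the file, reads past the heap
// allocation behind the buffer; that is the bug class in the advisory.
std::optional<std::vector<uint8_t>> CopyAccessorBytes(const Document& doc, const Accessor& a) {
    if (!AccessorInBounds(doc, a)) return std::nullopt;
    if (!a.bufferView) return std::vector<uint8_t>{};
    const BufferView& bv = doc.bufferViews[*a.bufferView];
    const size_t span = *AccessorByteSpan(a, bv);
    const uint8_t* base = doc.buffers[bv.buffer].data() + bv.byteOffset + a.byteOffset;
    return std::vector<uint8_t>(base, base + span);
}

// Constructed sample: one 24-byte buffer (two VEC3 float positions) exposed
// through a single tightly packed bufferView.
Document MakeSampleDocument() {
    Document d;
    d.buffers.push_back(std::vector<uint8_t>(24, 0));
    d.bufferViews.push_back(BufferView{0, 0, 24, 0});
    return d;
}
```

A crafted file typically fails the second or fourth check: it keeps `bufferView.byteLength` honest (so the view itself validates) and lies in `accessor.count` or `accessor.byteOffset`, or picks a count large enough that `count*stride` wraps to a small number. Checking the wrap before the range comparison is what makes the last case safe.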
How to fix CVE-2025-57107
To remediate CVE-2025-57107, upgrade the affected package to a fixed version below.
- Debian/vtk9—no fix listed
- —upgrade to 9.5.1 or later
Is CVE-2025-57107 being exploited?
Low. EPSS is 0.02%, an estimated probability of exploitation in the next 30 days of well under 1%; no exploitation activity has been observed at scale. Note that EPSS measures likelihood, not impact: the vulnerability still merits patching wherever untrusted glTF files are opened.
Affected packages (2)
- all versions (introduced in 0), no fixed version listed
- all versions (introduced in 0) before 9.5.1; fixed in 9.5.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.1) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |